
De.Fi REKT Report: February 2025: Over $1.76 Billion Lost in Crypto Exploits


Despite cautious optimism in the crypto world during the first months of 2025, February 2025 was a wild ride in terms of losses for both the DeFi world and the broader crypto community. Compared with the $148,750,165 lost to thefts in February 2024, February 2025 saw a humongous $1,762,098,500 lost across 10 incidents. Recovery improved slightly this year, with about $43,000,000 of stolen funds recovered compared with only $6,625,932 in February 2024. February 2025 losses were driven by a mix of access control weaknesses, exploits, and phishing attacks, again highlighting that protocol vulnerabilities are still a significant threat to the security of a protocol’s funds.

Month-on-Month Comparison

February 2025 losses totaled $1,762,098,500, a huge jump from January 2025’s total of $94,417,000 and a 1,871% month-over-month rise. This dramatic escalation reflects an intensification in the scale and frequency of the attacks. Both the increased sophistication of the exploits and the size of the projects being targeted seem to indicate an increased prevalence of coordinated attacks on high-profile and small protocols alike.

Analysis of Exploit Trends in February 2025

February 2025 saw a total of $1.76 billion lost across 10 incidents, a significant rise from the $148.75 million lost in February 2024. This increase signals a shift in the type of exploits and the platforms being exploited. Even though $43 million worth of stolen assets was recovered within the month, the losses indicate continuing vulnerabilities, particularly in lending protocols, token projects, and decentralized exchanges (DEXs).

The biggest incident was the Bybit exploit, which resulted in a loss of $1.4 billion. The exploit was primarily due to access control weaknesses: the attacker gained unauthorized access to Bybit’s cold storage and withdrew an enormous amount of ETH. This is an indication of the ongoing risk that centralized exchanges carry despite robust security measures such as cold storage and multisignature wallets. The attack has been attributed to North Korea’s Lazarus Group.

Elsewhere, usual culprits like flash loan attacks and phishing attacks are still on the loose. A phishing attack led to a loss of $4 million in the case of Suji Yan, while a flash loan attack on StepHeroNFTs led to a loss of $90,000.

Breakdown of Funds Lost by Chain

  • ETH (Access Control): 1 incident, $1,400,000,000
  • SOLANA (Exploit/other): 1 incident, $286,000,000
  • BSC (Access Control): 2 incidents, $273,000
  • Other (Exploit/other): 2 incidents, $12,322,000

This month, ETH and Solana lead the way in terms of amounts lost to exploits. These losses were driven by two high-profile incidents, namely Bybit on Ethereum and LIBRA on Solana. The concentration of losses on these two chains is unsurprising, however, given that they are two of the largest ecosystems by Total Value Locked (TVL) in the crypto space.

Top Incidents in February 2025

1. Bybit Exploit

  • Chain: Ethereum (ETH)
  • Category: CeFi
  • Exploit Type: Access Control
  • Amount Lost: $1,400,000,000
  • Date: 21.02.2025

Bybit, a major cryptocurrency exchange, suffered a security breach on 21 February 2025 in which it lost roughly $1.46 billion of Ethereum (ETH). The breach resulted from the compromise of its multisignature cold wallet in a sophisticated phishing attack that took control of the smart contract logic. The hackers deceived Bybit’s security staff using a “masked” transaction: the UI displayed a legitimate Safe (Gnosis Safe) address while the transaction in reality altered the wallet’s smart contract permissions to transfer control to the hackers. Once the hackers signed the fake transaction, they drained 401,346 ETH (~$1.13 billion) and other tokens including mETH and stETH, immediately selling them for ETH on decentralized exchanges (DEXes) to erase their traces. The stolen assets were spread across multiple wallets, making the money difficult to trace and recover. Bybit gave assurances that only a single cold wallet had been hacked and that withdrawals were still active.

Fortunately, however, some of the money was reclaimed. mETH Protocol reclaimed 15,000 cmETH ($43M) from the Bybit hack because of its 8-hour withdrawal delay, which gave the team time to freeze unauthorized withdrawals. The recovery was led by Mudit Gupta (Polygon’s CISO) and the SEAL security team.

Tether froze 181,000 USDT, and Bybit confirmed bounties of $4.3M for the recovery team and $18,100 for Tether. Exchanges helped freeze $42.89M in stolen funds, so this was one of the quickest big recoveries.

2. LIBRA Meme Token Collapse

  • Chain: Solana (SOL)
  • Category: Token
  • Exploit Type: Other
  • Amount Lost: $286,000,000
  • Date: 16.02.2025

The LIBRA memecoin collapse wiped out $4.4 billion, and 74,000 investors were left with $286M in losses. Promoted by Argentina’s President Javier Milei, the token rocketed before being rug-pulled by insiders.

LIBRA’s collapse followed a classic insider-driven rug pull, in which large whales such as Hayden Davis and Kelsier Ventures pre-mined massive amounts of tokens and coordinated promotions between influencers and President Milei to pump the market cap to $4.4 billion. The insiders began dumping their tokens at the peak, draining the liquidity and crashing the price, while on-chain indicators associated the scam with earlier fake schemes such as MELANIA and OG FUN. Prominent trader Dave Portnoy of Barstool reportedly lost $5.17 million but was later paid $5M in USDC, fueling speculation of insider payment. Additional leaks showed how Jupiter and Meteora insiders were alerted to LIBRA’s launch before it happened so that they could place sniping trades and take millions of dollars in unauthorized profits, prompting criminal charges for fraud and a political scandal in Argentina.

3. Infini Exploit

  • Chain: Ethereum (ETH)
  • Category: Stablecoin
  • Exploit Type: Access Control
  • Amount Lost: $50,000,000
  • Date: 24.02.2025

Infini, a payment platform for stablecoins, was hacked on February 24, 2025, for $50 million, allegedly by a developer who had administrative access after contract deployment. The hacker, who is thought to be a former Infini smart contract developer, had secret admin access in the deployed contract. This allowed them to bypass security and drain $49.52 million of USDC without resistance. The exploit was carefully planned: the attacker’s wallet was funded via Tornado Cash for anonymity, and the stolen USDC was exchanged for DAI immediately to prevent freezing, then exchanged for 17,696 ETH before withdrawal to a new wallet. Infini did not freeze withdrawals, with CEO Christian Li stating they would cover losses in full if needed. The attack follows closely on the heels of Bybit’s record-breaking $1.4 billion hack and raises yet more security concerns in the crypto space.

4. Ionic Exploit

  • Chain: Mode Network
  • Category: Exchange
  • Exploit Type: Other
  • Amount Lost: $12,300,000
  • Date: 04.02.2025

On February 4, 2025, Ionic Protocol suffered a $12.3 million social engineering attack on the Mode network. The attacker created a copy of LBTC and, after prolonged interaction with the Ionic team, secured its validation as collateral using an API3 oracle and a Balancer pool. They then withdrew $12.3 million of supplied assets, worth 250 LBTC, and deposited them into Layerbank and Ironclad, borrowing against them as liquid tokens. Mode’s freeze of the attacker’s wallet did not stop them: they circumvented the block through Layer 1 transactions, bridging further assets and depositing another 159 ETH into Tornado Cash.

5. zkLend Hack

  • Chain: Starknet
  • Category: Borrowing and Lending
  • Exploit Type: Other
  • Amount Lost: $9,500,000
  • Date: 12.02.2025

On February 12, 2025, zkLend, a Starknet lending protocol, was hacked due to a rounding error in the mint() function. The attacker forged the lending_accumulator to artificially inflate their balance, causing a loss of $9.5M (3,600 ETH). The attack was founded on faulty integer division (div(amount, accumulator)) within zkLend’s mint() function, which led to downward rounding and inflation of balances. The attacker artificially pumped up the lending_accumulator, then repeatedly deposited and withdrew wstETH while earning additional wei through rounding differences. This was amplified exponentially as their balance expanded, so that they could withdraw wstETH without a corresponding deduction from their balance. Stolen assets were eventually bridged onto Ethereum and washed through Railgun, although Railgun’s protocol policies returned them to the attacker’s original address.
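The accumulator division described above can be audited with a small model. This is an added example, not zkLend's code: it measures how much a withdrawal releases beyond the value of the raw units debited for it when the conversion rounds down, and compares that with a round-up debit. The scale, function names and accumulator values are assumptions, as is applying the same conversion on the withdrawal side.

```python
# Simplified model of accumulator-based balance accounting.
# Added example; not zkLend's code. SCALE and all values are assumptions.
SCALE = 10**27  # assumed fixed-point scale of the accumulator


def to_raw_floor(amount: int, accumulator: int) -> int:
    """Token amount -> raw balance units, rounding down (plain integer div)."""
    return amount * SCALE // accumulator


def to_raw_ceil(amount: int, accumulator: int) -> int:
    """Same conversion, rounding up."""
    return -(-amount * SCALE // accumulator)


def face_value(raw: int, accumulator: int) -> int:
    """Tokens the pool owes for `raw` units, rounded down."""
    return raw * accumulator // SCALE


def withdraw_shortfall(amount: int, accumulator: int, burn=to_raw_floor) -> int:
    """Tokens released minus the value of the raw units burned for them.
    A positive result means the pool paid out more than it debited."""
    return amount - face_value(burn(amount, accumulator), accumulator)


def worst_shortfall(accumulator: int, burn, amounts) -> int:
    """Largest shortfall over a set of withdrawal amounts (an audit sweep)."""
    return max(withdraw_shortfall(a, accumulator, burn) for a in amounts)


def withdraw(raw_balance: int, amount: int, accumulator: int) -> int:
    """Hardened withdrawal: the debit rounds up and must be covered.
    Returns the remaining raw balance."""
    burned = to_raw_ceil(amount, accumulator)
    if burned > raw_balance:
        raise ValueError("insufficient balance for withdrawal")
    return raw_balance - burned


# Constructed accumulators: a typical one (1.05) and an inflated one where a
# single raw unit is worth 4 * 10**18 wei.
NORMAL = 105 * 10**25
INFLATED = 4 * 10**18 * SCALE
AMOUNTS = [10**18 * k // 2 for k in range(1, 41)]  # 0.5 .. 20 tokens, in wei

if __name__ == "__main__":
    for name, acc in (("normal", NORMAL), ("inflated", INFLATED)):
        print(name,
              "floor:", worst_shortfall(acc, to_raw_floor, AMOUNTS),
              "ceil:", worst_shortfall(acc, to_raw_ceil, AMOUNTS))
```

With the typical accumulator the round-down leak is a wei or two per withdrawal; with the inflated one it reaches 3.5 tokens in this sweep. Rounding the debit up removes the leak in both cases, and a bound on how far the accumulator can move in one step keeps the rounding granularity small.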

Closing Thoughts

February 2025 was particularly chaotic for the crypto world, with a gargantuan surge in losses through numerous exploits and vulnerabilities. The biggest incident was the Bybit exploit, which saw an astonishing $1.4 billion in losses, exposing the urgent need for stronger security measures within centralized exchanges. The month’s incidents also include the collapse of the LIBRA memecoin, the Infini exploit, the Ionic exploit, and the hack on zkLend, among others, uncovering a wide range of vulnerabilities in the DeFi ecosystem.

These incidents underscore the ongoing risk of access control vulnerabilities, insider abuse, and smart contract vulnerabilities. They also emphasise the importance of robust security protocols, comprehensive smart contract audits, and constant monitoring to protect against new threats. As the crypto ecosystem continues to grow and evolve, it is crucial that platforms harden their defenses and remain vigilant to new threats.


© De.Fi. All rights reserved.